Overview

overview

10

Static

static

K&T MANAGE...ES.exe

windows7-x64

10

K&T MANAGE...ES.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    K&T MANAGEMENT SERVICES.exe

  • Size

    568KB

  • Sample

    230118-j5gghshd9z

  • MD5

    246b9f387bb69263213149dca28a0062

  • SHA1

    3c4b19e509327122e5246450a87087a4e50f631f

  • SHA256

    e7b140fee83be7cd429e9a7458b0fe6a67615b3e2877998f41803f48e63362f3

  • SHA512

    4563dc4646c760f31063269605fa9f733f7529eed4701eacc0d5fab1cb49604040cbfb68d77152b14dea99658d4a314b243c548f0264144d60ad292a75db547c

  • SSDEEP

    6144:2Q606xp2KCydMiN9JZtjKJiqQlvspzScVTZj8Sg5phROxfpF9mpt0+wLH701k8vI:c2KCyjNbZwJP8vPcVMHhRm9GtXMQk8Hg

Score
10/10
guloaderdiscoverydownloaderpersistence

Malware Config

Targets

    • Target

      K&T MANAGEMENT SERVICES.exe

    • Size

      568KB

    • MD5

      246b9f387bb69263213149dca28a0062

    • SHA1

      3c4b19e509327122e5246450a87087a4e50f631f

    • SHA256

      e7b140fee83be7cd429e9a7458b0fe6a67615b3e2877998f41803f48e63362f3

    • SHA512

      4563dc4646c760f31063269605fa9f733f7529eed4701eacc0d5fab1cb49604040cbfb68d77152b14dea99658d4a314b243c548f0264144d60ad292a75db547c

    • SSDEEP

      6144:2Q606xp2KCydMiN9JZtjKJiqQlvspzScVTZj8Sg5phROxfpF9mpt0+wLH701k8vI:c2KCyjNbZwJP8vPcVMHhRm9GtXMQk8Hg

    Score
    10/10
    guloaderdiscoverydownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks